Git-Mirrors/qusal
1
0
Fork 0
mirror of https://github.com/ben-grande/qusal.git synced 2025-08-07 05:32:21 -04:00
Code Issues Projects Releases Packages Wiki Activity

feat: default to disposable netvm

Browse source 
- Default sys-net and sys-firewall to disposable;
- Set global and per vm preferences by starting the qubes or shutting
  down them when necessary; and
- Less manual steps remaining for the user: just rename the net qube, as
  it can only be done via Qubes Manager.
This commit is contained in:
Ben Grande 2024-01-04 21:59:15 +01:00
parent 8a8252d6f0
commit 0216297ee6
10 changed files with 186 additions and 59 deletions
Download patch file Download diff file Expand all files Collapse all files

21
salt/sys-net/README.md
View file

@ -15,25 +15,26 @@ provides the state "qvm.sys-net", but it will create only "sys-net", which can
be a disposable or not. This package takes a different approach, it will
create an AppVM "sys-net" and a DispVM "disp-sys-net".
By default, the chosen one is "sys-net", but you can choose which qube type
becomes the upstream net qube "default_netvm", the "clockvm" and the fallback
target for the "qubes.UpdatesProxy" service in case no rule matched before.
By default, the chosen one is "disp-sys-net", but you can choose which qube
type becomes the upstream net qube "default_netvm" and the fallback target for
the "qubes.UpdatesProxy" service in case no rule matched before.
## Installation
Before installation, rename your current `sys-net` to another name such as
`sys-net-old`, the old qube will be used to install packages require for the
template. After successful installation and testing the new net qube
`sys-net-old`, the old qube will be used to install packages required for the
minimal template. After successful installation and testing the new net qube
capabilities, you can remove the old one. If you want the default net qube
back, just set `sys-net` template to the full template you are using, such as
Debian or Fedora.
Debian or Fedora. Before starting, turn on the `default_netvm` and check if
DNS is working, after that, proceed with the installation.
- Top:
```sh
qubesctl top.enable sys-net
qubesctl --targets=tpl-sys-net state.apply
qubesctl top.disable sys-net
qubesctl state.apply sys-net.prefs
qubesctl state.apply sys-net.prefs-disp
```
- State:
@ -41,7 +42,7 @@ qubesctl state.apply sys-net.prefs
```sh
qubesctl state.apply sys-net.create
qubesctl --skip-dom0 --targets=tpl-sys-net state.apply sys-net.install
qubesctl state.apply sys-net.prefs
qubesctl state.apply sys-net.prefs-disp
```
<!-- pkg:end:post-install -->
@ -50,9 +51,9 @@ If you need to debug a net qube, install some helper tools:
qubesctl --skip-dom0 --targets=tpl-sys-net state.apply sys-net.install-debug
```
If you prefer to have a disposable net qube:
If you prefer to have an app qube as the net qube:
```sh
qubesctl state.apply sys-net.prefs-disp
qubesctl state.apply sys-net.prefs
```
You might need to install some firmware on the template for your network